IPsec VPN Server

DietPi has an openvpn server, but it doesn’t support windows, android or iphone without client.
IPsec VPN is the most supported server, will you put it into DietPi?


Try Ivacy, it supports windows, linux, mac and android. Read the detailed analysis here:


When OpenVPN creates the .ovpn file…all the included information and keys are included

The hard part is getting that info out into a “network” config in windows…I think there is a batch file to pull info like that out


Here is the script

Did you try WireGuard? Seems to be a promising new approach and the next software I am aiming to implement: https://github.com/Fourdee/DietPi/issues/2052

I found this thread after using the IPSEC VPN server script from the Github link the OP shared on a previous Pi (before I came across dietpi). https://github.com/hwdsl2/setup-ipsec-vpn

The script works great on Raspbian Stretch, but fails on DietPi in the Fail2Ban setup. I remembered seeing Fail2Ban as an option for installation via dietpi-software so I thought I’d give that a try. Fail2Ban also fails to install when I use the dietpi-software scripts to install it. Maybe this is because I previously broke something trying to use the setup-ipsec-vpn script?

I’d definitely like to get a similar VPN server running on my DietPi box (Pi 3b) because of the OPs stated reasons. Basically natively supported (no client app) on Mac and iOS devices. I don’t fully grasp WireGuard and how that works, and if the end result is the same user experience (because the setup certainly seems more challenging to me).

Anyway, thanks in advance for any nudges in the right direction. If I can get the setup-ipsec-vpn script to work, I’d be totally happy with that, but not sure why I can’t get fail2ban installed.

Could you paste which exact step failed when installing fail2ban?
apt install fail2ban

Thank you for the response. I have since installed the VPN on another device on my network running Debian, however I think the issue on my DietPi (Raspberry Pi 3b) could have been resolved with the same fix I ended up doing on my other device. Here is an issue I hijacked on the iPSEC VPN script repo - Connected through IKEv2 but no traffic · Issue #543 · hwdsl2/setup-ipsec-vpn · GitHub

The fix was:

run this before running the install script:

touch /var/log/auth.log


Just having that auth.log file in place prior to running the script made the installation successful.

Ah indeed that was an issue a while ago. However our installer meanwhile includes this step as well.

Nah, i’m afraid this bug persists as of 10 minutes ago, though, I did the fix and it all seems to work fine.

Great work on the scripting - I’ve wasted HOURS googling and trying to get a simple native solution like this to work on a pi- and this was an absolute doddle to install. Don’t like OpenVPN, do like IPSec

Also thanks for the fix - it’s simple!


Ah yeah our solution is different now:

  • We pre-create the /etc/fail2ban/jail.conf to not use /var/log/auth.log for login fail detection but systemd-journald (journalctl), which is always present thus does not depend on rsyslog.
  • The install only failed because the default jail.conf shipped by the packages has auth.log detection pre-configured thus requires this file.

So the question is now why this does not work in your case. I just tested on VM and works as expected. Did you install the APT package prior to the dietpi-software install manually or when following the IPsec setup guide? Because we do not override existing jail.conf, but expect it this already exists, then it’s most likely customised and should have worked before.

Sorry for the super slow response. I was enjoying the ipsec VPN for a while, but I resorted to using a different device. I also run a music server called forked-daapd on the aforementioned device and it doesn’t play nice with the VPN, they basically require different build libraries (if that’s the right word :thinking: ). Because of this I want to get the ipsec VPN running on diet-pi. I do the trick above creating an empty auth.log file and the script seems to run perfectly. However there’s nothing I can do to connect to my VPN as I was able to before on the other device. I’m not sure what the fail point could be but https://github.com/hwdsl2/setup-ipsec-vpn/issues/595#issuecomment-519954852.